
CVE-2023-5878 – OneWireless command injection possible when updating firmware
https://notcve.org/view.php?id=CVE-2023-5878
06 Feb 2025 — Honeywell OneWireless Wireless Device Manager (WDM) for the following versions: R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2022-46361 – Physical access to the WDM enables use of USB device to gain access to the WDM
https://notcve.org/view.php?id=CVE-2022-46361
30 May 2023 — An attacker having physical access to the WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects all OneWireless versions up to 322.1 and is fixed in version 322.2. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-43485 – Insecure random number used for generating keys for signing JWT tokens
https://notcve.org/view.php?id=CVE-2022-43485
30 May 2023 — Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1. • https://process.honeywell.com • CWE-330: Use of Insufficiently Random Values

CVE-2022-4240 – Unauthenticated API allowing an attacker to obtain the information about network resources
https://notcve.org/view.php?id=CVE-2022-4240
30 May 2023 — Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1. • https://process.honeywell.com • CWE-306: Missing Authentication for Critical Function